Barretenberg: src/barretenberg/crypto/poseidon2/sponge/sponge.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include <array>

#include <cstddef>

#include <cstdint>

#include <span>


#include "barretenberg/numeric/uint256/uint256.hpp"


namespace bb::crypto {


template <typename FF, size_t rate, size_t capacity, size_t t, typename Permutation> class FieldSponge {

  private:

    // sponge state. t = rate + capacity. capacity = 1 field element (~256 bits)

    std::array<FF, t> state{};


    // cached elements that have been absorbed.

    std::array<FF, rate> cache{};

    size_t cache_size = 0;


    FieldSponge(FF domain_iv) { state[rate] = domain_iv; }


    void perform_duplex()

    {

        // Add the cache into sponge state

        for (size_t i = 0; i < rate; ++i) {

            state[i] += cache[i];

        }


        // Apply permutation

        state = Permutation::permutation(state);


        // Reset the cache

        cache = {};

    }


    void absorb(const FF& input)

    {

        if (cache_size == rate) {

            // If the cache is full, apply the sponge permutation to compress the cache

            perform_duplex();

            cache[0] = input;

            cache_size = 1;

        } else {

            // If the cache is not full, add the input into the cache

            cache[cache_size] = input;

            cache_size += 1;

        }

    }


    FF squeeze()

    {

        perform_duplex();

        return state[0];

    }


  public:


    static FF hash_internal(std::span<const FF> input)

    {

        const size_t in_len = input.size();

        const uint256_t iv = (static_cast<uint256_t>(in_len) << 64);

        return hash_internal(input, iv);

    }


    static FF hash_internal(std::span<const FF> input, FF iv)

    {

        FieldSponge sponge(iv);


        const size_t in_len = input.size();

        for (size_t i = 0; i < in_len; ++i) {

            sponge.absorb(input[i]);

        }


        return sponge.squeeze();

    }


};


} // namespace bb::crypto

bb::crypto::FieldSponge
Implements a cryptographic sponge over prime fields. Implements the sponge specification from the Com...
Definition sponge.hpp:32

bb::crypto::FieldSponge::hash_internal
static FF hash_internal(std::span< const FF > input)
Use the sponge to hash an input vector.
Definition sponge.hpp:84

bb::crypto::FieldSponge::absorb
void absorb(const FF &input)
Definition sponge.hpp:57

bb::crypto::FieldSponge::cache_size
size_t cache_size
Definition sponge.hpp:39

bb::crypto::FieldSponge::squeeze
FF squeeze()
Definition sponge.hpp:71

bb::crypto::FieldSponge::FieldSponge
FieldSponge(FF domain_iv)
Definition sponge.hpp:41

bb::crypto::FieldSponge::cache
std::array< FF, rate > cache
Definition sponge.hpp:38

bb::crypto::FieldSponge::perform_duplex
void perform_duplex()
Definition sponge.hpp:43

bb::crypto::FieldSponge::state
std::array< FF, t > state
Definition sponge.hpp:35

bb::crypto::FieldSponge::hash_internal
static FF hash_internal(std::span< const FF > input, FF iv)
Use the sponge to hash an input vector with a custom IV.
Definition sponge.hpp:98

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::Poseidon2Permutation::permutation
static State permutation(Builder *builder, const State &input)
Circuit form of Poseidon2 permutation from https://eprint.iacr.org/2023/323.

bb::crypto
Definition aes128.cpp:158

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bb::field< bb::Bn254FrParams >

uint256.hpp